Compliance auditing for encrypted video conferences

ABSTRACT

One example method includes receiving, by a compliance auditing server, an indication of an encrypted video conference; sending, by the compliance auditing server, a request to a video conference provider to join a compliance auditing participant to the encrypted video conference, wherein the video conference provider does not have access to the compliance auditing server; receiving and storing, by the compliance auditing server, encrypted streams of audio and video from a plurality of participants in the video conference, wherein: the compliance auditing participant is one of the plurality of participants; and the video conference provider does not have access to the cryptographic meeting key; receiving, by the compliance auditing server after the encrypted video conference has ended, a request for a portion of the encrypted streams of audio and video; and providing, in response to the request, the portion of the encrypted streams of audio and video.

FIELD

The present application generally relates to hosting or participating invideo conferences and more particularly relates to systems and methodsfor compliance auditing video conferences.

BACKGROUND

Videoconferencing has become a common way for people to meet as a group,but without being at the same physical location. Participants can beinvited to a video conference meeting, join from their personalcomputers or telephones, and are able to see and hear each other andconverse largely as they would during an in-person group meeting orevent. The advent of user-friendly video conferencing software hasenabled teams to work collaboratively despite being dispersed around thecountry or the world. It has also enabled families and friends to engagewith each other in more meaningful ways, despite being physicallydistant from each other.

SUMMARY

Various examples are described for systems and methods for complianceauditing encrypted video conferences. One example method includesreceiving, by a compliance auditing server, an indication of anencrypted video conference; sending, by the compliance auditing server,a request to a video conference provider to join a compliance auditingparticipant to the encrypted video conference, wherein the videoconference provider does not have access to the compliance auditingserver; receiving and storing, by the compliance auditing server,encrypted streams of audio and video from a plurality of participants inthe video conference, wherein: the compliance auditing participant isone of the plurality of participants; the encrypted streams of audio andvideo are encrypted by the respective participants using a cryptographicmeeting key; and the video conference provider does not have access tothe cryptographic meeting key; receiving, by the compliance auditingserver after the encrypted video conference has ended, a request for aportion of the encrypted streams of audio and video; and providing, inresponse to the request, the portion of the encrypted streams of audioand video. Optionally, receiving and storing, by the compliance auditingserver, the encrypted streams of audio and video can includetransmitting a message to the video conference provider to store theencrypted streams of audio and video. In some embodiments, thecompliance auditing server is hosted by the video conference provider.

In some examples, the example method further includes receiving andstoring, by the compliance auditing server, the cryptographic meetingkey associated with the encrypted video conference. The example methodmay also include receiving, by the compliance auditing server after theencrypted video conference has ended, a request for decrypted streams ofaudio and video; decrypting, by the compliance auditing server, aportion of the encrypted streams of audio and video using thecryptographic meeting key to generate the decrypted streams of audio andvideo; and providing, by the compliance auditing server, the decryptedstreams of audio and video, and optionally, generating, by thecompliance auditing server, an MP4 file of the decrypted streams ofaudio and video.

In further examples, the example method includes receiving, by thecompliance auditing participant, one or more chat messages during theencrypted video conference, wherein the one or more chat messages areencrypted; and receiving and storing, by the compliance auditing server,the one or more chat messages received by the compliance auditingparticipant during the encrypted video conference, and optionally,receiving, by the compliance auditing server after the encrypted videoconference has ended, a request for decrypted message data from the oneor more chat messages; decrypting, by the compliance auditing server,the one or more chat messages using the cryptographic meeting key togenerate the decrypted message data; and providing, by the complianceauditing server, the decrypted message data. The example method may alsoinclude receiving, by the compliance auditing server after the videoconference has ended, a request for the cryptographic meeting key; andproviding, in response to the request, the cryptographic meeting key.

One example system includes a non-transitory computer-readable medium; acommunications interface; and a processor communicatively coupled to thenon-transitory computer-readable medium and the communicationsinterface, the processor configured to execute processor-executableinstructions stored in the non-transitory computer-readable medium to:receive an indication of an encrypted video conference; send a requestto a video conference provider to join a compliance auditing participantto the encrypted video conference, wherein the video conference providerdoes not have access to the compliance auditing server; receive andstore encrypted streams of audio and video from a plurality ofparticipants in the encrypted video conference, wherein: the complianceauditing participant is one of the plurality of participants; theencrypted streams of audio and video are encrypted by the respectiveparticipants using a cryptographic meeting key; and the video conferenceprovider does not have access to the cryptographic meeting key; andreceive a request for a portion of the encrypted streams of audio andvideo; and provide, in response to the request, the portion of theencrypted streams of audio and video. In some embodiments, theinstructions to receive and store the encrypted streams of audio andvideo further cause the processor to execute furtherprocessor-executable instructions stored in the non-transitorycomputer-readable medium to: transmit a message to the video conferenceprovider to store the encrypted streams of audio and video.

In some examples, the processor of the example system is configured toexecute further processor-executable instructions stored in thenon-transitory computer-readable medium to: receive and store thecryptographic meeting key associated with the encrypted videoconference. The processor may also be configured to execute furtherprocessor-executable instructions stored in the non-transitorycomputer-readable medium to: receive, after the encrypted videoconference has ended, a request for decrypted streams of audio andvideo; decrypt a portion of the encrypted streams of audio and videousing the cryptographic meeting key to generate the decrypted streams ofaudio and video; and provide the decrypted streams of audio and video,and optionally, generate an MP4 file of the decrypted streams of audioand video.

In some examples, the processor of the example system is configured toexecute further processor-executable instructions stored in thenon-transitory computer-readable medium to: receive and store one ormore chat messages received by the compliance auditing participantduring the encrypted video conference, wherein the one or more chatmessages are encrypted, and optionally, receive, after the encryptedvideo conference has ended, a request for decrypted message data fromthe one or more chat messages; decrypt the one or more chat messagesusing the cryptographic meeting key to generate the decrypted messagedata; and provide the decrypted message data. Additionally, theprocessor of the example system may be configured to execute furtherprocessor-executable instructions stored in the non-transitorycomputer-readable medium to: receive a request for the cryptographicmeeting key; and provide, in response to the request, the cryptographicmeeting key.

Another example method includes receiving, by a compliance auditingparticipant executing on a client device, an indication that anencrypted video conference is initiated, wherein the encrypted videoconference includes a plurality of participants; automatically joiningthe encrypted video conference with the client device; receiving, by thecompliance auditing participant from a host client device, acryptographic meeting key distributed to each participant of theplurality of participants, wherein the compliance auditing participantis one of the plurality of participants; recording, by the complianceauditing participant, encrypted streams of audio and video from aplurality of participants in the video conference; and transmitting, bythe compliance auditing participant, the encrypted audio and video tothe compliance auditing server.

In some examples, the example method also includes receiving, by thecompliance auditing participant, one or more chat messages exchangedduring the encrypted video conference, wherein the one or more chatmessages are encrypted, and optionally, transmitting, by the complianceauditing participant, the cryptographic meeting key to the complianceauditing server.

These illustrative examples are mentioned not to limit or define thescope of this disclosure, but rather to provide examples to aidunderstanding thereof. Illustrative examples are discussed in theDetailed Description, which provides further description. Advantagesoffered by various examples may be further understood by examining thisspecification.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated into and constitute apart of this specification, illustrate one or more certain examples and,together with the description of the example, serve to explain theprinciples and implementations of the certain examples.

FIGS. 1-4 show example systems for compliance auditing encrypted videoconferences;

FIG. 5 shows an example graphical user interface for compliance auditingencrypted video conferences;

FIGS. 6-9 show example methods for compliance auditing encrypted videoconferences; and

FIG. 10 shows an example computing device suitable for use with anysystem or method for compliance auditing encrypted video conferencesaccording to this disclosure.

DETAILED DESCRIPTION

Examples are described herein in the context of systems and methods forcompliance auditing encrypted video conferences. Those of ordinary skillin the art will realize that the following description is illustrativeonly and is not intended to be in any way limiting. Reference will nowbe made in detail to implementations of examples as illustrated in theaccompanying drawings. The same reference indicators will be usedthroughout the drawings and the following description to refer to thesame or like items.

In the interest of clarity, not all of the routine features of theexamples described herein are shown and described. It will, of course,be appreciated that in the development of any such actualimplementation, numerous implementation-specific decisions must be madein order to achieve the developer's specific goals, such as compliancewith application- and business-related constraints, and that thesespecific goals will vary from one implementation to another and from onedeveloper to another.

People participate in video conferences for a wide variety of reasons,such as to keep in touch with family, conduct business, or manage groupsor organizations. In some cases, participants in a video conference maywish to keep the contents of the video conference confidential and onlyavailable to certain authorized personnel. This can be done byencrypting audio and video that is streamed between participants to avideo conference, which may prevent potential eavesdroppers fromaccessing the streamed audio and video. Without the necessary decryptioninformation, accessing the encrypted audio and video can beprohibitively computationally difficult. However, in some scenarios,audio and video data may be decrypted by the video conference providerduring the course of an encrypted video conference.

For example, some video conference providers offer the option ofrecording a video conference. In some examples, the video conferenceprovider itself, being the nexus through which the audio and videotraverses, will record the meeting and provide access to the recordedmeeting to one or more of the participants. However, to perform thisfunctionality, the video conference provider needs to decrypt the audioand video for recording, even if the recorded audio and video issubsequently re-encrypted. Thus, the video conference provider hasaccess to the encrypted audio and video of the video conference. Such ascenario may be undesirable for any number of reasons. For example, thevideo conference provider's servers may be “untrusted” by theparticipants, meaning the provenance and identity of the servers may notbe verifiable by the participants or may otherwise be suspect. In somecases, the audio or video may include confidential information that maynot be shared with the video conference provider, e.g., by law orregulation. Further, the participants themselves may simply not want thevideo conference provider to have access to the content of the videoconference.

To provide security for the video conference, the participants may usean option to encrypt audio and video data between the participants anddistribute cryptographic information amongst the participants withoutsharing that cryptographic information with the video conferenceprovider. Thus, all of the participants are able to receive encryptedaudio and video and decrypt it, but while the video conference providercontinues to receive the encrypted video and audio and distribute it tothe participants, it is unable to decrypt it. However, this presents aproblem for auditing communication between participants during anencrypted video conference.

Organizations, such as business, legal entities, or educationalfacilities, may want to compliance audit its participants duringencrypted video conferences without impacting the security of thecommunication. For example, an organization may desire or be required toensure that any communication exchanged during a video conference be incompliance with organizational policies, legal obligations, orgovernmental regulations and/or laws. Generally, however, searchingthrough communications exchanged during an encrypted video conference isprecluded or difficult due to the nature of the encryption, such as, forexample, the video conference provider being unable to decrypt the audioand video streams from the video conference. Thus, unless a participantfrom the organization records the encrypted video conference, which isundesirable due to limited storage space or security reasons, a recordof the communications exchanged during the video conference is notaccessible by the organization.

To enable an organization to compliance audit communications exchangedduring an encrypted video conference, a compliance auditing participantfrom the organization is joined into the encrypted video conference. Thecompliance auditing participant may be automatically joined to any videoconference to which one or more participants from the organization join.The compliance auditing participant is treated by the other participantsas one of the participants in the video conference and, as such,receives any cryptographic information associated with the encryptedvideo conference. Because the compliance auditing participant receivescryptographic information associated with the encrypted videoconference, the organization can later access any encryptedcommunication from the video conference.

Encrypted communications from the video conference, such as the audioand video streams or chat message data, can be recorded and stored toprovide access to the communications to the organization after the videoconference is over. The organization can host or hire an complianceauditing server to record and/or store encrypted data from videoconferences. To allow for auditing of the encrypted data, the complianceauditing server can generate searchable files for the organization. Insome cases, the compliance auditing server also stores the cryptographicinformation received by the compliance auditing participant. Thus, whenthe organization requests to audit encrypted communications at a latertime, the compliance auditing server can decrypt any encryptedcommunications and provide the decrypted data to the organization forauditing.

Using such techniques allows hosts and participants in a videoconference to enjoy privacy for their communications and ensure thataccess to any communications exchanged during a video conference issimilarly restricted, while allowing organizations access to thecommunication to ensure compliance with various policies.

This illustrative example is given to introduce the reader to thegeneral subject matter discussed herein and the disclosure is notlimited to this example. The following sections describe variousadditional non-limiting examples and examples of systems and methods forcompliance auditing encrypted video conferences.

Referring now to FIG. 1 , FIG. 1 shows an example system 100 thatprovides videoconferencing functionality to various client devices. Thesystem 100 includes a video conference provider 110 that is connected tomultiple communication networks 120, 130, through which various clientdevices 140-180 can participate in video conferences hosted by the videoconference provider 110. For example, the video conference provider 110can be located within a private network to provide video conferencingservices to devices within the private network, or it can be connectedto a public network, e.g., the internet, so it may be accessed byanyone. Some examples may even provide a hybrid model in which a videoconference provider 110 may supply components to enable a privateorganization to host private internal video conferences or to connectits system to the video conference provider 110 over a public network.

The system optionally also includes one or more user identity providers,e.g., user identity provider 115, which can provide user identityservices to users of the client devices 140-160 and may authenticateuser identities of one or more users to the video conference provider110. In this example, the user identity provider 115 is operated by adifferent entity than the video conference provider 110, though in someexamples, they may be the same entity.

Video conference provider 110 allows clients to create videoconferencemeetings (or “meetings”) and invite others to participate in thosemeetings as well as perform other related functionality, such asrecording the meetings, generating transcripts from meeting audio,manage user functionality in the meetings, enable text messaging duringthe meetings, create and manage breakout rooms from the main meeting,etc. FIG. 2 , described below, provides a more detailed description ofthe architecture and functionality of the video conference provider 110.

Meetings in this example video conference provider 110 are provided invirtual “rooms” to which participants are connected. The room in thiscontext is a construct provided by a server that provides a common pointat which the various video and audio data is received before beingmultiplexed and provided to the various participants. While a “room” isthe label for this concept in this disclosure, any suitablefunctionality that enables multiple participants to participate in acommon videoconference may be used. Further, in some examples, and asalluded to above, a meeting may also have “breakout” rooms. Suchbreakout rooms may also be rooms that are associated with a “main”videoconference room. Thus, participants in the main videoconferenceroom may exit the room into a breakout room, e.g., to discuss aparticular topic, before returning to the main room. The breakout roomsin this example are discrete meetings that are associated with themeeting in the main room. However, to join a breakout room, aparticipant must first enter the main room. A room may have any numberof associated breakout rooms according to various examples.

To create a meeting with the video conference provider 110, a user maycontact the video conference provider 110 using a client device 140-180and select an option to create a new meeting. Such an option may beprovided in a webpage accessed by a client device 140-160 or clientapplication executed by a client device 140-160. For telephony devices,the user may be presented with an audio menu that they may navigate bypressing numeric buttons on their telephony device. To create themeeting, the video conference provider 110 may prompt the user forcertain information, such as a date, time, and duration for the meeting,a number of participants, a type of encryption to use, whether themeeting is confidential or open to the public, etc. After receiving thevarious meeting settings, the video conference provider may create arecord for the meeting and generate a meeting identifier and, in someexamples, a corresponding meeting password or passcode (or otherauthentication information), all of which meeting information isprovided to the meeting host.

After receiving the meeting information, the user may distribute themeeting information to one or more users to invite them to the meeting.To begin the meeting at the scheduled time (or immediately, if themeeting was set for an immediate start), the host provides the meetingidentifier and, if applicable, corresponding authentication information(e.g., a password or passcode). The video conference system theninitiates the meeting and may admit users to the meeting. Depending onthe options set for the meeting, the users may be admitted immediatelyupon providing the appropriate meeting identifier (and authenticationinformation, as appropriate), even if the host has not yet arrived, orthe users may be presented with information indicating the that meetinghas not yet started or the host may be required to specifically admitone or more of the users.

During the meeting, the participants may employ their client devices140-180 to capture audio or video information and stream thatinformation to the video conference provider 110. They also receiveaudio or video information from the video conference provider 210, whichis displayed by the respective client device 140 to enable the varioususers to participate in the meeting.

At the end of the meeting, the host may select an option to terminatethe meeting, or it may terminate automatically at a scheduled end timeor after a predetermined duration. When the meeting terminates, thevarious participants are disconnected from the meeting and they will nolonger receive audio or video streams for the meeting (and will stoptransmitting audio or video streams). The video conference provider 110may also invalidate the meeting information, such as the meetingidentifier or password/passcode.

To provide such functionality, one or more client devices 140-180 maycommunicate with the video conference provider 110 using one or morecommunication networks, such as network 120 or the public switchedtelephone network (“PSTN”) 130. The client devices 140-180 may be anysuitable computing or communications device that have audio or videocapability. For example, client devices 140-160 may be conventionalcomputing devices, such as desktop or laptop computers having processorsand computer-readable media, connected to the video conference provider110 using the internet or other suitable computer network. Suitablenetworks include the internet, any local area network (“LAN”), metroarea network (“MAN”), wide area network (“WAN”), cellular network (e.g.,3G, 4G, 4G LTE, 5G, etc.), or any combination of these. Other types ofcomputing devices may be used instead or as well, such as tablets,smartphones, and dedicated video conferencing equipment. Each of thesedevices may provide both audio and video capabilities and may enable oneor more users to participate in a video conference meeting hosted by thevideo conference provider 110.

In addition to the computing devices discussed above, client devices140-180 may also include one or more telephony devices, such as cellulartelephones (e.g., cellular telephone 170), internet protocol (“IP”)phones (e.g., telephone 180), or conventional telephones. Such telephonydevices may allow a user to make conventional telephone calls to othertelephony devices using the PSTN, including the video conferenceprovider 110. It should be appreciated that certain computing devicesmay also provide telephony functionality and may operate as telephonydevices. For example, smartphones typically provide cellular telephonecapabilities and thus may operate as telephony devices in the examplesystem 100 shown in FIG. 1 . In addition, conventional computing devicesmay execute software to enable telephony functionality, which may allowthe user to make and receive phone calls, e.g., using a headset andmicrophone. Such software may communicate with a PSTN gateway to routethe call from a computer network to the PSTN. Thus, telephony devicesencompass any devices that can making conventional telephone calls andis not limited solely to dedicated telephony devices like conventionaltelephones.

Referring again to client devices 140-160, these devices 140-160 contactthe video conference provider 110 using network 120 and may provideinformation to the video conference provider 110 to access functionalityprovided by the video conference provider 110, such as access to createnew meetings or join existing meetings. To do so, the client devices140-160 may provide user identification information, meetingidentifiers, meeting passwords or passcodes, etc. In examples thatemploy a user identity provider 115, a client device, e.g., clientdevices 140-160, may operate in conjunction with a user identityprovider 115 to provide user identification information or other userinformation to the video conference provider 110.

A user identity provider 115 may be any entity trusted by the videoconference provider 110 that can help identify a user to the videoconference provider 110. For example, a trusted entity may be a serveroperated by a business or other organization and with whom the user hasestablished their identity, such as an employer or trusted third-party.The user may sign into the user identity provider 115, such as byproviding a username and password, to access their identity at the useridentity provider 115. The identity, in this sense, is informationestablished and maintained at the user identity provider 115 that can beused to identify a particular user, irrespective of the client devicethey may be using. An example of an identity may be an email accountestablished at the user identity provider 115 by the user and secured bya password or additional security features, such as biometricauthentication, two-factor authentication, etc. However, identities maybe distinct from functionality such as email. For example, a health careprovider may establish identities for its patients. And while suchidentities may have associated email accounts, the identity is distinctfrom those email accounts. Thus, a user's “identity” relates to asecure, verified set of information that is tied to a particular userand should be accessible only by that user. By accessing the identity,the associated user may then verify themselves to other computingdevices or services, such as the video conference provider 110.

When the user accesses the video conference provider 110 using a clientdevice, the video conference provider 110 communicates with the useridentity provider 115 using information provided by the user to verifythe user's identity. For example, the user may provide a username orcryptographic signature associated with a user identity provider 115.The user identity provider 115 then either confirms the user's identityor denies the request. Based on this response, the video conferenceprovider 110 either provides or denies access to its services,respectively.

For telephony devices, e.g., client devices 170-180, the user may placea telephone call to the video conference provider 110 to access videoconference services. After the call is answered, the user may provideinformation regarding a video conference meeting, e.g., a meetingidentifier (“ID”), a passcode or password, etc., to allow the telephonydevice to join the meeting and participate using audio devices of thetelephony device, e.g., microphone(s) and speaker(s), even if videocapabilities are not provided by the telephony device.

Because telephony devices typically have more limited functionality thanconventional computing devices, they may be unable to provide certaininformation to the video conference provider 110. For example, telephonydevices may be unable to provide user identification information toidentify the telephony device or the user to the video conferenceprovider 110. Thus, the video conference provider 110 may provide morelimited functionality to such telephony devices. For example, the usermay be permitted to join a meeting after providing meeting information,e.g., a meeting identifier and passcode, but they may be identified onlyas an anonymous participant in the meeting. This may restrict theirability to interact with the meetings in some examples, such as bylimiting their ability to speak in the meeting, hear or view certaincontent shared during the meeting, or access other meetingfunctionality, such as joining breakout rooms or engaging in text chatwith other participants in the meeting.

It should be appreciated that users may choose to participate inmeetings anonymously and decline to provide user identificationinformation to the video conference provider 110, even in cases wherethe user has an authenticated identity and employs a client devicecapable of identifying the user to the video conference provider 110.The video conference provider 110 may determine whether to allow suchanonymous users to use services provided by the video conferenceprovider 110. Anonymous users, regardless of the reason for anonymity,may be restricted as discussed above with respect to users employingtelephony devices, and in some cases may be prevented from accessingcertain meetings or other services, or may be entirely prevented fromaccessing the video conference provider.

Referring again to video conference provider 110, in some examples, itmay allow client devices 140-160 to encrypt their respective video andaudio streams to help improve privacy in their meetings. Encryption maybe provided between the client devices 140-160 and the video conferenceprovider 110 or it may be provided in an end-to-end configuration wheremultimedia streams transmitted by the client devices 140-160 are notdecrypted until they are received by another client device 140-160participating in the meeting. Encryption may also be provided duringonly a portion of a communication, for example encryption may be usedfor otherwise unencrypted communications that cross internationalborders.

Client-to-server encryption may be used to secure the communicationsbetween the client devices 140-160 and the video conference provider110, while allowing the video conference provider 110 to access thedecrypted multimedia streams to perform certain processing, such asrecording the meeting for the participants or generating transcripts ofthe meeting for the participants. End-to-end encryption may be used tokeep the meeting entirely private to the participants without any worryabout a video conference provider 110 having access to the substance ofthe meeting. Any suitable encryption methodology may be employed,including key-pair encryption of the streams. For example, to provideend-to-end encryption, the meeting host's client device may obtainpublic keys for each of the other client devices participating in themeeting and securely exchange a set of keys to encrypt and decryptmultimedia content transmitted during the meeting. Thus the clientdevices 140-160 may securely communicate with each other during themeeting. Further, in some examples, certain types of encryption may belimited by the types of devices participating in the meeting. Forexample, telephony devices may lack the ability to encrypt and decryptmultimedia streams. Thus, while encrypting the multimedia streams may bedesirable in many instances, it is not required as it may prevent someusers from participating in a meeting.

By using the example system shown in FIG. 1 , users can create andparticipate in meetings using their respective client devices 140-180via the video conference provider 110. Further, such a system enablesusers to use a wide variety of different client devices 140-180 fromtraditional standards-based video conferencing hardware to dedicatedvideo conferencing equipment to laptop or desktop computers to handhelddevices to legacy telephony devices. etc.

Referring now to FIG. 2 , FIG. 2 shows an example system 200 in which avideo conference provider 210 provides videoconferencing functionalityto various client devices 220-250. The client devices 220-250 includetwo conventional computing devices 220-230, dedicated equipment for avideo conference room 240, and a telephony device 250. Each clientdevice 220-250 communicates with the video conference provider 210 overa communications network, such as the internet for client devices220-240 or the PSTN for client device 250, generally as described abovewith respect to FIG. 1 . The video conference provider 210 is also incommunication with one or more user identity providers 215, which canauthenticate various users to the video conference provider 210generally as described above with respect to FIG. 1 .

In this example, the video conference provider 210 employs multipledifferent servers (or groups of servers) to provide different aspects ofvideo conference functionality, thereby enabling the various clientdevices to create and participate in video conference meetings. Thevideo conference provider 210 uses one or more real-time media servers212, one or more network services servers 214, one or more video roomgateways 216, and one or more telephony gateways 218. Each of theseservers 212-218 is connected to one or more communications networks toenable them to collectively provide access to and participation in oneor more video conference meetings to the client devices 220-250.

The real-time media servers 212 provide multiplexed multimedia streamsto meeting participants, such as the client devices 220-250 shown inFIG. 2 . While video and audio streams typically originate at therespective client devices, they are transmitted from the client devices220-250 to the video conference provider 210 via one or more networkswhere they are received by the real-time media servers 212. Thereal-time media servers 212 determine which protocol is optimal basedon, for example, proxy settings and the presence of firewalls, etc. Forexample, the client device might select among UDP, TCP, TLS, or HTTPSfor audio and video and UDP for content screen sharing.

The real-time media servers 212 then multiplex the various video andaudio streams based on the target client device and communicatemultiplexed streams to each client device. For example, the real-timemedia servers 212 receive audio and video streams from client devices220-240 and only an audio stream from client device 250. The real-timemedia servers 212 then multiplex the streams received from devices230-250 and provide the multiplexed stream to client device 220. Thereal-time media servers 212 are adaptive, for example, reacting toreal-time network and client changes, in how they provide these streams.For example, the real-time media servers 212 may monitor parameters suchas a client's bandwidth CPU usage, memory and network I/O as well asnetwork parameters such as packet loss, latency and jitter to determinehow to modify the way in which streams are provided.

The client device 220 receives the stream, performs any decryption,decoding, and demultiplexing on the received streams, and then outputsthe audio and video using the client device's video and audio devices.In this example, the real-time media servers do not multiplex clientdevice 220's own video and audio feeds when transmitting streams to it.Instead each client device 220-250 only receives multimedia streams fromother client devices 220-250. For telephony devices that lack videocapabilities, e.g., client device 250, the real-time media servers 212only deliver multiplex audio streams. The client device 220 may receivemultiple streams for a particular communication, allowing the clientdevice 220 to switch between streams to provide a higher quality ofservice.

In addition to multiplexing multimedia streams, the real-time mediaservers 212 may also decrypt incoming multimedia stream in someexamples. As discussed above, multimedia streams may be encryptedbetween the client devices 220-250 and the video conference system 210.In some such examples, the real-time media servers 212 may decryptincoming multimedia streams, multiplex the multimedia streamsappropriately for the various clients, and encrypt the multiplexedstreams for transmission.

As mentioned above with respect to FIG. 1 , the video conferenceprovider 210 may provide certain functionality with respect tounencrypted multimedia streams at a user's request. For example, themeeting host may be able to request that the meeting be recorded or thata transcript of the audio streams be prepared, which may then beperformed by the real-time media servers 212 using the decryptedmultimedia streams, or the recording or transcription functionality maybe off-loaded to a dedicated server (or servers), e.g., cloud recordingservers, for recording the audio and video streams. In some examples,the video conference provider 210 may allow a meeting participant tonotify it of inappropriate behavior or content in a meeting. Such anotification may trigger the real-time media servers to 212 record aportion of the meeting for review by the video conference provider 210.Still other functionality may be implemented to take actions based onthe decrypted multimedia streams at the video conference provider, suchas monitoring video or audio quality, adjusting or changing mediaencoding mechanisms, etc.

It should be appreciated that multiple real-time media servers 212 maybe involved in communicating data for a single meeting and multimediastreams may be routed through multiple different real-time media servers212. In addition, the various real-time media servers 212 may not beco-located, but instead may be located at multiple different geographiclocations, which may enable high-quality communications between clientsthat are dispersed over wide geographic areas, such as being located indifferent countries or on different continents. Further, in someexamples, one or more of these servers may be co-located on a client'spremises, e.g., at a business or other organization. For example,different geographic regions may each have one or more real-time mediaservers 212 to enable client devices in the same geographic region tohave a high-quality connection into the video conference provider 210via local servers 212 to send and receive multimedia streams, ratherthan connecting to a real-time media server located in a differentcountry or on a different continent. The local real-time media servers212 may then communicate with physically distant servers usinghigh-speed network infrastructure, e.g., internet backbone network(s),that otherwise might not be directly available to client devices 220-250themselves. Thus, routing multimedia streams may be distributedthroughout the video conference system 210 and across many differentreal-time media servers 212.

Turning to the network services servers 214, these servers 214 provideadministrative functionality to enable client devices to create orparticipate in meetings, send meeting invitations, create or manage useraccounts or subscriptions, and other related functionality. Further,these servers may be configured to perform different functionalities orto operate at different levels of a hierarchy, e.g., for specificregions or localities, to manage portions of the video conferenceprovider under a supervisory set of servers. When a client device220-250 accesses the video conference provider 210, it will typicallycommunicate with one or more network services servers 214 to accesstheir account or to participate in a meeting.

When a client device 220-250 first contacts the video conferenceprovider 210 in this example, it is routed to a network services server214. The client device may then provide access credentials for a user,e.g., a username and password or single sign-on credentials, to gainauthenticated access to the video conference provider 210. This processmay involve the network services servers 214 contacting a user identityprovider 215 to verify the provided credentials. Once the user'scredentials have been accepted, the client device 220-250 may performadministrative functionality, like updating user account information, ifthe user has an identity with the video conference provider 210, orscheduling a new meeting, by interacting with the network servicesservers 214.

In some examples, users may access the video conference provider 210anonymously. When communicating anonymously, a client device 220-250 maycommunicate with one or more network services servers 214 but onlyprovide information to create or join a meeting, depending on whatfeatures the video conference provider allows for anonymous users. Forexample, an anonymous user may access the video conference providerusing client 220 and provide a meeting ID and passcode. The networkservices server 214 may use the meeting ID to identify an upcoming oron-going meeting and verify the passcode is correct for the meeting ID.After doing so, the network services server(s) 214 may then communicateinformation to the client device 220 to enable the client device 220 tojoin the meeting and communicate with appropriate real-time mediaservers 212.

In cases where a user wishes to schedule a meeting, the user (anonymousor authenticated) may select an option to schedule a new meeting and maythen select various meeting options, such as the date and time for themeeting, the duration for the meeting, a type of encryption to be used,one or more users to invite, privacy controls (e.g., not allowinganonymous users, preventing screen sharing, manually authorize admissionto the meeting, etc.), meeting recording options, etc. The networkservices servers 214 may then create and store a meeting record for thescheduled meeting. When the scheduled meeting time arrives (or within athreshold period of time in advance), the network services server(s) 214may accept requests to join the meeting from various users.

To handle requests to join a meeting, the network services server(s) 214may receive meeting information, such as a meeting ID and passcode, fromone or more client devices 220-250. The network services server(s) 214locate a meeting record corresponding to the provided meeting ID andthen confirm whether the scheduled start time for the meeting hasarrived, whether the meeting host has started the meeting, and whetherthe passcode matches the passcode in the meeting record. If the requestis made by the host, the network services server(s) 214 activates themeeting and connects the host to a real-time media server 212 to enablethe host to begin sending and receiving multimedia streams.

Once the host has started the meeting, subsequent users requestingaccess will be admitted to the meeting if the meeting record is locatedand the passcode matches the passcode supplied by the requesting clientdevice 220-250. In some examples additional access controls may be usedas well. But if the network services server(s) 214 determines to admitthe requesting client device 220-250 to the meeting, the networkservices server 214 identifies a real-time media server 212 to handlemultimedia streams to and from the requesting client device 220-250 andprovides information to the client device 220-250 to connect to theidentified real-time media server 212. Additional client devices 220-250may be added to the meeting as they request access through the networkservices server(s) 214.

After joining a meeting, client devices will send and receive multimediastreams via the real-time media servers 212, but they may alsocommunicate with the network services servers 214 as needed duringmeetings. For example, if the meeting host leaves the meeting, thenetwork services server(s) 214 may appoint another user as the newmeeting host and assign host administrative privileges to that user.Hosts may have administrative privileges to allow them to manage theirmeetings, such as by enabling or disabling screen sharing, muting orremoving users from the meeting, creating sub-meetings or “break-out”rooms, recording meetings, etc. Such functionality may be managed by thenetwork services server(s) 214.

For example, if a host wishes to remove a user from a meeting, they mayidentify the user and issue a command through a user interface on theirclient device. The command may be sent to a network services server 214,which may then disconnect the identified user from the correspondingreal-time media server 212. If the host wishes to create a break-outroom for one or more meeting participants to join, such a command mayalso be handled by a network services server 214, which may create a newmeeting record corresponding to the break-out room and then connect oneor more meeting participants to the break-out room similarly to how itoriginally admitted the participants to the meeting itself.

In addition to creating and administering on-going meetings, the networkservices server(s) 214 may also be responsible for closing andtearing-down meetings once they have completed. For example, the meetinghost may issue a command to end an on-going meeting, which is sent to anetwork services server 214. The network services server 214 may thenremove any remaining participants from the meeting, communicate with oneor more real time media servers 212 to stop streaming audio and videofor the meeting, and deactivate, e.g., by deleting a correspondingpasscode for the meeting from the meeting record, or delete the meetingrecord(s) corresponding to the meeting. Thus, if a user later attemptsto access the meeting, the network services server(s) 214 may deny therequest.

Depending on the functionality provided by the video conferenceprovider, the network services server(s) 214 may provide additionalfunctionality, such as by providing private meeting capabilities fororganizations, special types of meetings (e.g., webinars), etc. Suchfunctionality may be provided according to various examples of videoconferencing providers according to this description.

Referring now to the video room gateway servers 216, these servers 216provide an interface between dedicated video conferencing hardware, suchas may be used in dedicated video conferencing rooms. Such videoconferencing hardware may include one or more cameras and microphonesand a computing device designed to receive video and audio streams fromeach of the cameras and microphones and connect with the videoconference provider 210. For example, the video conferencing hardwaremay be provided by the video conference provider to one or more of itssubscribers, which may provide access credentials to the videoconferencing hardware to use to connect to the video conferenceprovider.

The video room gateway servers 216 provide specialized authenticationand communication with the dedicated video conferencing hardware thatmay not be available to other client devices 220-230, 250. For example,the video conferencing hardware may register with the video conferenceprovider when it is first installed and the video room gateway mayauthenticate the video conferencing hardware using such registration aswell as information provided to the video room gateway server(s) 216when dedicated video conferencing hardware connects to it, such asdevice ID information, subscriber information, hardware capabilities,hardware version information etc. Upon receiving such information andauthenticating the dedicated video conferencing hardware, the video roomgateway server(s) 216 may interact with the network services servers 214and real-time media servers 212 to allow the video conferencing hardwareto create or join meetings hosted by the video conference provider 210.

Referring now to the telephony gateway servers 218, these servers 218enable and facilitate telephony devices' participation in meetings hosedby the video conference provider. Because telephony devices communicateusing the PSTN and not using computer networking protocols, such asTCP/IP, the telephony gateway servers 218 act as an interface thatconverts between the PSTN and the networking system used by the videoconference provider 210.

For example, if a user uses a telephony device to connect to a meeting,they may dial a phone number corresponding to one of the videoconference provider's telephony gateway servers 218. The telephonygateway server 218 will answer the call and generate audio messagesrequesting information from the user, such as a meeting ID and passcode.The user may enter such information using buttons on the telephonydevice, e.g., by sending dual-tone multi-frequency (“DTMF”) audiosignals to the telephony gateway server 218. The telephony gatewayserver 218 determines the numbers or letters entered by the user andprovides the meeting ID and passcode information to the network servicesservers 214, along with a request to join or start the meeting,generally as described above. Once the telephony client device 250 hasbeen accepted into a meeting, the telephony gateway server 218 isinstead joined to the meeting on the telephony device's behalf.

After joining the meeting, the telephony gateway server 218 receives anaudio stream from the telephony device and provides it to thecorresponding real-time media server 212, and receives audio streamsfrom the real-time media server 212, decodes them, and provides thedecoded audio to the telephony device. Thus, the telephony gatewayservers 218 operate essentially as client devices, while the telephonydevice operates largely as an input/output device, e.g., a microphoneand speaker, for the corresponding telephony gateway server 218, therebyenabling the user of the telephony device to participate in the meetingdespite not using a computing device or video.

It should be appreciated that the components of the video conferenceprovider 210 discussed above are merely examples of such devices and anexample architecture. Some video conference providers may provide moreor less functionality than described above and may not separatefunctionality into different types of servers as discussed above.Instead, any suitable servers and network architectures may be usedaccording to different examples.

Referring now to FIG. 3 , FIG. 3 illustrates a simplified system 300that enables the users to engage in an end-to-end (“E2E”) encryptedvideo conference. The system includes two client devices 320, 330 and avideo conference provider 310. The client devices 320, 330 are connectedto the video conference provider 310 through one or more communicationnetworks (not shown), generally as described above with respect to FIGS.1 and 2 . Client devices 320, 330 may be associated with differentorganizations or the same organization.

In an E2E-encrypted video conference, each participant joins the videoconference with their respective client device 320-330 and the hostestablishes a meeting key, e.g., a symmetric cryptographic key, thatwill be used to encrypt and decrypt the audio and video streams. Each ofthe participants also has their own respective public/private key pairthat can be used to communicate with the respective participant and eachparticipant's public key is published or distributed in any suitablemanner, such as by registering it with a trusted entity or by generatinga cryptographic signature using a private key and allowing the host orother participants to use a published copy of the public key to verifythe signature.

Once each participant's public key has been verified, the host cansecurely distribute the meeting key to the participants by encryptingthe meeting key using the participant's respective public keys. Forexample, the host may generate and send an encrypted message includingthe meeting key to each participant using the respective participant'spublic key. Upon receiving successfully decrypting the meeting key, therespective participants are then able to encrypt and decrypt meetingcontent.

In system 300 shown in FIG. 3 , client device 320 initially connects tothe video conference provider 310 and requests that the video conferenceprovider 310 create a new meeting. Once the meeting is created, clientdevice 320 is designated as the host of the meeting and establishes ameeting key to use to provide for E2E encryption in the meeting, butdoes not provide it to the video conference provider 310. Subsequently,a participant client device 330 joins the meeting and generates andprovides a cryptographically signed message using its private key to thehost client device 320, which verifies the message using theparticipant's public key. After verifying the public key, the hostclient device 320 encrypts the meeting key using the participant'spublic key and transmits it to the participant client device 330, whichdecrypts the meeting key. Once the meeting key has been successfullyreceived and decrypted by the participant client device 330, it maybegin transmitting encrypted audio and video using the meeting key.

In this example, each participant generates a per-stream encryption keyby computing a new key using a non-secret stream ID for each data streamit transmits (e.g., audio and video), and uses the corresponding streamencryption key to encrypt its audio and video stream(s). The videoconference provider receives the various encrypted streams, multiplexesthem generally as described above with respect to FIGS. 1 and 2 , anddistributes them to the various participating client devices 320, 330.The respective client devices 320, 330 can then use the meeting key todecrypt the incoming streams and view the content of the videoconference.

However, as part of this process, the video conference provider 310 doesnot have access to the meeting key. Thus, the video conference provider310 is unable to decrypt the various audio and video streams. Butbecause the individual streams are separately received from the variousparticipants, the video conference provider 310 is able to identify thesource of each stream and therefore it can properly multiplex thestreams for delivery to each participant.

A consequence of the video conference provider 310 lacking access to themeeting key is that it cannot decrypt the audio and video streams torecord them. Further, and as alluded to above, the meeting key isdiscarded by the various clients once the meeting has ended. Thus,recording meetings in an E2E-encrypted meeting becomes problematic. If ameeting is not recorded, then an organization cannot review or auditcommunication data from the video conference after the video conferenceis over.

In some cases, an organization may not want the video conferenceprovider 310 to record video and audio streams from the E2E-encryptedmeeting. Instead, the organization may join a compliance auditingparticipant into the E2E-encrypted meeting on its behalf. It should beappreciated that the term “join” used herein can also mean “add,” “allowto join,” “accept,” and the like. The compliance auditing participantcan record the video and audio streams from the encrypted meeting andprovide the encrypted streams of audio and video to the organization forauditing and review purposes. The compliance auditing participant isdiscussed in greater detail with respect to FIG. 4 .

FIG. 4 shows another example system 400 for compliance auditingencrypted video conferences. In this example, the host's client device420 is connected to a private network 440 within the host's company ororganization, which is a customer of the video conference provider 410.The organization also maintains a server 450 that can provide encryptionkey information and can perform decryption and encoding functionality onaudio and video.

In this example, the organization also maintains a compliance auditingserver 460. The compliance auditing server 460 can be run on premise orcould be a cloud-based server. Regardless of the physical location ofthe server, the compliance auditing server 460 is controlled by theorganization and not visible or accessible by the video conferenceprovider 410. The compliance auditing server 460 is connected to theprivate network 440 within the host's company or organization andprovides compliance auditing of video conferences for the host's companyor organization.

In some examples, the compliance auditing server 460 can be hired out bythe organization. For example, due to the cost of maintaining thecompliance auditing server 460, the organization may hire the videoconference provider 410 or other service provider to maintain and runthe compliance auditing server 460. In such examples, the complianceauditing server 460 can be located and owned by either the organizationor the video conference provider 410, however, only the organization hasaccess to the data stored by the compliance auditing server 460. Inother words, while the video conference provider 410 runs and maintainsthe compliance auditing server 460, the video conference provider 410cannot access the data written and stored within the compliance auditingserver 460. Thus, while the video conference provider 410 may havephysical access to the compliance auditing server 460, the videoconference provider 410 does not have access to data stored within thecompliance auditing server 460. Only the organization and agents of theorganization may have access to the data stored within the complianceauditing server 460. Thus, it should be appreciated that the term“access” can mean “access to stored data” herein.

To provide compliance auditing of video conferences, the complianceauditing server 460 receives an indication that a client deviceassociated with the organization, such as the host's client device 420,is joining a video conference. The video conference may be an encryptedvideo conference as discussed herein. The compliance auditing server 460can receive the indication that the host's client device 420 is joiningthe encrypted video conference via the private network 440. For example,when the host's client device 420 accesses the video conference provider410, it will communicate with the private network 440, which will inturn notify (e.g., provide indication to) the compliance auditing server460. It should be appreciated that the compliance auditing server 460may receive an indication of the host's client device 420 involvementwith the encrypted video conference via other means. For example, thecompliance auditing server 460 can receive the indication by means ofreceiving a meeting invitation automatically whenever the host's clientdevice 420 sends or receives a meeting invitation. In another example,the indication can be received by means of a notification from the videoconference provider 410 or the host's client device 420 when the host'sclient device 420 accesses the video conference provider 410. It shouldbe appreciated that while this example is discussed with respect to thehost's client device 420, any client device associated with theorganization may also be used.

Responsive to the indication that the host's client device 420 isjoining the encrypted video conference, the compliance auditing server460 requests to join a compliance auditing participant 462 to theencrypted video conference. The compliance auditing participant 462 maybe a software based application, such as a video conferencing softwareapplication that has been modified to join identified meetings andautomatically record audio, video, text chat messages, etc. exchangedduring the meeting, that is running on the compliance auditing server460 that joins any encrypted video conference in which a client deviceassociated with the organization, such as the host's client device 420joins. In some cases, the compliance auditing participant 462 is asoftware based application executed by the host's client device 420 (orany client or computing device associated with the organization). Thecompliance auditing participant 462 joins an encrypted video conferencealong with the host's client device 420 to record and provide theorganization access to the encrypted streams of audio and videoexchanged after the video conference is over.

The compliance auditing participant 462 can be automatically joined tothe encrypted video conference when the host's client device joins theencrypted video conference. For example, the host's client device 420'srequest to join the encrypted video conference may include the requestto join the compliance auditing participant 462. Alternatively, thecompliance auditing participant 462 (or an instance of the complianceauditing participant 462) may automatically join the meeting at ascheduled start time. When the host's client device 420 joins theencrypted video conference, the compliance auditing server 460 mayautomatically join the compliance auditing participant 462 along withthe host's client device 420 to the encrypted video conference.

In this example, when the host's client device 420 establishes themeeting, the host's client device 420 generates and distributes themeeting key generally as discussed above with respect to FIG. 3 . Themeeting key may be a symmetric cryptographic meeting key. The meetingkey is distributed to all the participants of the encrypted videoconference, including the compliance auditing participant 462. Becausethe compliance auditing participant 462 is treated as one of theparticipants, the compliance auditing participant 462 also receives thecryptographic meeting key. The compliance auditing participant 462 istreated as any other participant by the video conference provider 210and maintains the functionality of one of client devices 220-250 asdiscussed above with respect to FIGS. 2 and 3 . Thus, the complianceauditing participant 462 receives the encrypted streams of audio andvideo from the encrypted meeting conference distributed by the videoconference provider 410. Upon receipt of the cryptographic meeting key,the compliance auditing participant 462 may transmit the cryptographicmeeting key to the compliance auditing server 460, which in turn, mayreceive and store the cryptographic meeting key in a record in a datastore associated with the meeting.

As noted above, the compliance auditing participant 462 receives theencrypted streams of audio and video from the encrypted videoconference. In this example, the compliance auditing participant 462also records the encrypted streams of audio and video from theE2E-encrypted meeting. The compliance auditing participant 462 may actas a cloud-based recorder to record the encrypted streams of audio andvideo. In some examples, the compliance auditing participant 462 mayrequest the video conference provider 410 to record the encryptedstreams of audio and video. In such examples, the video conferenceprovider 410 transmits the recorded encrypted streams of audio and videoto the compliance auditing server 460. Because the video conferenceprovider 410 does not have access to the cryptographic meeting key, thevideo conference provider 410 cannot decrypt the encrypted streams ofaudio and video. Thus, the encrypted video conference maintains privacyand security for its participants.

The encrypted streams of audio and video recorded by the complianceauditing participant 462 may be stored on the client device that isproviding the compliance auditing participant 462 and later forwarded tothe compliance auditing server 460, or it may be immediately transmittedto the compliance auditing server 460, and in turn received and storedby the compliance auditing server 460. In addition to providing theencrypted streams of audio and video to the compliance auditing server460, the compliance auditing participant 462 also receives one or morechat messages exchanged by the participants during the meeting. The oneor more chat messages are also encrypted using the meeting key. Uponreceipt of the one or more chat messages, the compliance auditingparticipant 462 may also transmit the one or more chat messages to thecompliance auditing server 460, which in turn, receives and stores theone or more chat messages.

In some cases, if more than one compliance auditing participant 462associated with different organizations join the encrypted videoconference, each respective compliance auditing participant 462 recordsits own copy of the encrypted streams of audio, video, chat messages,etc. However, in some cases, several of the organizations may contractwith a cloud service provider, such as the video conference provider410, to store the recordings. To reduce storage usage, the cloud serviceprovider may detect that multiple recordings are being made of the samemeeting and may only store a single copy of the recording, but alsoassociate it with each of the organizations for them to individuallyaccess. For example, if a first compliance auditing participant 462associated with a first organization joins the encrypted videoconference, and a second compliance auditing participant 462 associatedwith a second organization joins the same encrypted video conference,both compliance auditing participants 462 may receive the same encryptedstreams of audio and video. If both the organizations hire out thecompliance auditing server 460 to the video conference provider 410, thevideo conference provider 410 may only store one recording of theencrypted streams of audio and video to minimize storage space. Whileeither organization can access the encrypted streams of audio and video,the encrypted streams of audio and video may only be written to thecompliance auditing server 460 once.

In some examples, the encrypted streams of audio, video, chat messages,and the like, may be stored by one entity (e.g., the video conferenceprovider 410) while the meeting keys are stored by second entity (e.g.,the compliance auditing server 460). By storing the encrypted dataseparately from the meeting keys, this can allow the compliance auditingserver 460 to have minimal data storage requirements withoutcompromising data security.

Once the meeting is over, the customer's server 450 can request thedecrypted recording of the encrypted streams of audio and video from thecompliance auditing server 460. Upon receiving the request, thecompliance auditing server 460 can decrypt the encrypted meetingrecording using the cryptographic meeting key and provide a decryptedmeeting recording to the customer's server 450. Additionally, afterdecrypting the encrypted streams of audio and video, the complianceauditing server 460 may encode the decrypted streams of audio and video,e.g., as an mp4 file, to reduce the amount of raw data from the videoand audio that must be transferred to the organization.

The compliance auditing server 460 allows the organization to maintaincontrol over the recording because only the compliance auditing server460, which is either hosted or hired by the organization (e.g.,customer), can decrypt the encrypted meeting recording itself. Asdiscussed above the video conference provider 410 is not provided with acopy of the meeting key(s) used during the meeting. Further, it enablesthe customer to push computationally expensive processing to dedicatedresources, such as a cloud environment, where the decryption andvideo/audio encoding can be performed, and it can store the decrypted,encoded recording at any suitable secure location for later retrieval byauthorized personnel. Because this process is performed by thecompliance auditing server 460 (or other of the customer's computingresources), rather than one of the participants or the video conferenceprovider 410, the customer is able to maintain control over the meetingrecording and only allow access by appropriate personnel within thecustomer's organization.

Referring now to FIG. 5 , FIG. 5 shows an example graphical userinterface (GUI) 500 for a video conference such as an encrypted videoconferences as described herein. The GUI 500 of FIG. 5 will be describedwith respect to the systems shown in FIG. 4 ; however any suitablesystem according to this disclosure may be employed, including any ofthe systems shown in FIGS. 1-3 .

In some embodiments, a GUI 500 is viewable to a participant of the videoconference on the participant's device, for example the client device420. Presentation of the GUI 500 on the participant's device may be inresponse to the initiation of the video conference.

The GUI 500 may include a roster 504 of a plurality of participants ofthe video conference. The roster 504 may include a video stream of theplurality of participants. In other embodiments, the roster 504 mayinclude a picture, image, representation, or a listing of the pluralityof participants. When a participant joins the video conference, thejoining participant is added to the roster 504.

Upon initiation of a video conference, a compliance auditing participant462 is joined to the video conference. The compliance auditingparticipant 462 may be automatically joined to the video conference uponinitiation of the video conference. In some embodiments, the complianceauditing participant 462 is manually joined to the video conference. Forexample, the meeting host or one or more participants of the videoconference may receive a prompt requesting permission to join complianceauditing participant 462 to the video conference. If the request isgranted, then compliance auditing participant 462 is joined to the videoconference. If the request is denied, an indication of the denial may besent to the customer server 450 for client compliance purposes. In someexamples, the compliance auditing participant 462 may attempt to joinimmediately upon the meeting starting, and depending on the securitysettings for the meeting, may be automatically allowed to join or mayrequire admission from the host, as discussed above.

Upon joining the video conference, the compliance auditing participant462 may be added to a meeting roster 504. The meeting roster 504provides an indication of the one or more participants of the videoconference. For example, the meeting roster 504 may provide the identityof each participant of a plurality of participants. The meeting roster504 may be a listing of the identity (e.g., name) of the participants orthe meeting roster 504 may provide an image or video stream of theparticipant. Similar to the compliance auditing participant 462, when aparticipant joins the video conference, the participant is added to themeeting roster 504. In embodiments when the meeting roster 504encompasses an image or video stream of participants, an indication ofthe compliance auditing participant 462 may be added to the GUI 500. Forexample, an indication 564 of the compliance auditing participant 462may be provided on a video stream 502, which may occur when thecompliance auditing participant 462 begins recording the meeting. Thecompliance auditing participant 462 may automatically record the meetingupon joining the meeting. The video stream 502 is the live video streamof an active participant 508.

In some examples, the compliance auditing participant 462 may not bevisible to a portion of or any of the participants of the videoconference. In some cases, the compliance auditing participant 462 maybe visible to only participants associated with the organizationcorresponding to the compliance auditing participant 462. The visibilityof the compliance auditing participant 462 may depend on applicablelaws, regulations, and rules governing the organization, participants,and/or the video conference provider 410.

During the video conference, participants of the video conference sendand receive video and audio streams. If the video conference isencrypted, then the video and audio streams received may be encryptedstreams. Each participant may receive a meeting cryptographic key which,as discussed above, allows access for the participants to the encryptedstreams of video and audio.

The compliance auditing participant 462 is treated as one of theparticipants of the video conference. For example, the complianceauditing participant 462 obtains the meeting cryptographic key andreceives the encrypted streams of audio and video as though it were anyother participant in the meeting. In some embodiments, the meetingcryptographic key obtained by the compliance auditing participant 462 istransmitted to and stored by the compliance auditing server 460 andassociated with a recording of the meeting.

Another manner in which the compliance auditing participant 462 istreated as one of the participants of the video conference is that thecompliance auditing participant 462 receives any chat messages sentbetween the plurality of participants during the video conference. GUI500 includes a chat box 510 which allows participants of the videoconference to message one another during a video conference. Any chatmessages sent or received by a participant during the video conferenceare received by the compliance auditing participant 462 as well.

Upon receipt of the chat messages by the compliance auditing participant462, the compliance auditing server 460 can store the respectiveencrypted chat message data. In this manner, the organization can loginto the compliance auditing server 460 and, using the meeting keyobtained by the compliance auditing participant 462 and stored in thecompliance auditing server 460, decrypt the encrypted chat message datafor review and auditing. Since the compliance auditing server 460 is notrun on the video conference provider 410 infrastructure and/or the videoconference provider 410 does not have access to the meeting key, themessage data is secure and private.

In some cases, a third party may decrypt and/or audit the encryptedmessage data for the organization. In such cases, the complianceauditing server 460 can pull down the encrypted chat message data andsend the data to the third party, along with the cryptographic meetingkey for decryption and auditing. In some cases, the compliance auditingserver 460 decrypts the message data and only sends the decryptedmessage data to the third party for auditing. A similar approach may beused for the decryption and auditing of the encrypted audio and videostreams (e.g., a third party can decrypt and/or audit the audio andvideo streams stored by the compliance auditing server 460). In bothcases, the compliance auditing server 460 can encode any decryptedmaterial (e.g., the streams of audio and video or chat message data) toa suitable format, and store the decrypted material (encoded or not)onto a data store, such as its own.

As illustrated, GUI 500 includes a dashboard 506 containing one or moreaction selections. For example, dashboard 506 includes a recordingselection 512 that allows a participant to record the streams of audioand video during the video conference. In some embodiments, thecompliance auditing participant 462 receives notification of a selectionof one or more of the action selections. For example, if a participantrecords the streams of audio and video by selecting the recordingselections, the compliance auditing participant 462 receives anotification that the participant is recording and may transmit suchinformation to the compliance auditing server 460 to be logged.

Referring now to FIG. 6 , FIG. 6 shows an example method 600 forcompliance auditing an encrypted video conference. The method 600 ofFIG. 6 will be described with respect to the systems shown in FIGS. 4and 5 ; however any suitable system according to this disclosure may beemployed, including any of the systems shown in FIGS. 1-3 .

At block 610, the compliance auditing server 460 receives an indicationthat an encrypted video conference is initiated. The compliance auditingserver 460 may receive the indication when a client device associatedwith the organization joins the encrypted video conference. In someexamples, the compliance auditing server 460 may receive the indicationwhen the scheduled meeting starts.

Initiation of the encrypted video conference may be performed by thevideo conference provider 410 in response to receipt of a request fromthe host's client device 420 to initiate an encrypted video conference.The request may identify certain meeting information, such as a meetingidentifier and passcode. It may also include one or more options for themeeting, including an option to employ E2E encryption. Alternatively,the request to employ E2E encryption may be sent separately from therequest to initiate the meeting.

At block 620, upon receiving the indication of initiation of theencrypted video conference, the compliance auditing server 460 sends arequest to the video conference provider 410 join the complianceauditing participant 462 to the encrypted video conference. The requestmay be sent upon the client device associated with the organizationjoining the encrypted video conference. In some cases, the joining ofthe client device and the requesting to join the compliance auditingparticipant 462 to the encrypted video conference may be donesimultaneously. The compliance auditing participant 462 may beautomatically joined to the encrypted video conference in response tothe request from the compliance auditing server 460.

Optionally, upon joining the encrypted video conference, an indicationof the compliance auditing participant 462 may be provided on a GUI 500to indicate to the participants of the encrypted video conference thatthe compliance auditing participant 462 has joined the meeting. Forexample, upon joining the compliance auditing participant 462 to theencrypted video conference, the indication 564 may appear, highlight, orotherwise indicate on the GUI 500 that the compliance auditingparticipant 462 has joined the encrypted video conference. In somecases, the indication 564 may include the compliance auditingparticipant 462 appearing on the meeting roster 504. A participant canselect the indication 564 and view information relating to thecompliance auditing participant 462, such as, for example, theorganization associated with the compliance auditing participant 462.

In one example, more than one compliance auditing participant 462 may bejoined to the encrypted video conference. For example, in a meetingwhere participants from multiple organizations are attending, some orall of the organizations may use their own compliance auditing server.Thus, a first compliance auditing participant 462 may be associated witha first organization and a second compliance auditing participant 462may be associated with a second organization, and so forth. In such anexample, two indications 564 can be provided in the GUI 500 as describedabove. By selecting an indication 564, a participant can view whichorganization the selected compliance auditing participant 462 isassociated with.

Prior to or upon initiation of the encrypted video conference the host'sclient device 420 obtains a meeting cryptographic key. Any suitabletechnique for generating a meeting cryptographic key may be employed.For example, the meeting cryptographic key may include a cryptographickey pair generated according to any suitable cryptographic key pairtechnique, such as using elliptic curves. In some examples, the meetingcryptographic key may be a single symmetric cryptographic key. Thehost's client device 420 may distribute the cryptographic meeting key tothe participants of the encrypted video conference generally asdiscussed above with respect to FIG. 3 .

At block 630, the compliance auditing server 460 may receive and storethe cryptographic meeting key associated with the encrypted videoconference. As noted above, the host's client device 420 distributes thecryptographic meeting key to the participants of the encrypted videoconference. The compliance auditing participant 462 is treated as one ofthe participants, and as such, receives the cryptographic meeting key.Upon receipt of the cryptographic meeting key, the compliance auditingparticipant 462 may transmit the cryptographic meeting key to thecompliance auditing server 460, which in turn stores the cryptographicmeeting key.

At block 640, the compliance auditing server 460 receives and stores theencrypted streams of audio and video from the encrypted videoconference. For example, the host's client device 420 begins encryptingaudio and video obtained from its microphone and video capture deviceusing the meeting cryptographic key, as do the other participants.

During the encrypted video conference, the video conference provider 410receives the encrypted streams of audio and video from variousparticipants of the meeting and distributes the encrypted streams ofaudio and video to the other participants in the meeting. For example,the host's client device 420 transmits the encrypted audio and video tothe video conference provider 410, where, in turn, the video conferenceprovider 410 distributes the encrypted audio and video from the host'sclient device 420 to the other participants. The host's client device420 also begins to receive encrypted streams of audio and video via thevideo conference provider 410 from the other participants. It should beappreciated that the functionality at block 640 continues throughout thevideo conference. In this way, any streams of audio and videotransmitted between the participants is encrypted. Because thecompliance auditing participant 462 is treated as a participant, thecompliance auditing participant 462 receives the encrypted streams ofaudio and video distributed during the meeting. Upon receipt of theencrypted streams of audio and video the compliance auditing participant462 may transmit the encrypted streams to the compliance auditing server460, which in turn receives and stores the encrypted streams of audioand video. In some examples, the compliance auditing participant 462 mayautomatically record the encrypted streams of audio and video as itreceives the streams. In some such examples, the compliance auditingserver 460 receives and stores the recorded encrypted streams of theaudio and video from the compliance auditing participant 462.

At optional block 645, the compliance auditing server 460 may transmit amessage to the video conference provider 410 to store encrypted streamsof audio and video. As noted above, the video conference provider 410receives all the encrypted streams of audio and video exchanged betweenparticipants during the encrypted video conference. In some examples,the compliance auditing server 460 may be hosted or managed by the videoconference provider 410, or may employ the video conference provider 410as a data storage cloud server. In such cases, the video conferenceprovider 410 may store the encrypted streams of audio and video as theyare received during the encrypted video conference. In some cases, thevideo conference provider 410 may record the encrypted streams of audioand video as they are received and then store them to a cloud storagearea accessible by the compliance auditing server 410. Because the videoconference provider 410 does not have access to the meeting key, thevideo conference provider 410 is unable to decrypt the stored encryptedstreams of audio and video. In this manner, participants of theencrypted video conference can enjoy privacy and security during theircommunications.

At block 650, the compliance auditing server 460 receives a request fora portion of the stored encrypted streams of audio and video. Thecompliance auditing server 460 may receive the request after theencrypted video conference is ended. In this example, the request may besent by the organization; while in other examples, the request may besent by a third party hired by the organization for compliance auditingpurposes. Some examples may require the requesting party to providecredentials, such as a username and password, to obtain the recordedaudio, video, chat messages, etc.

At block 660, the compliance auditing server 460 provides the requestedportion of the encrypted audio and video streams to the requestingentity (e.g., organization or third party).

The request at block 650 may also include a request for thecryptographic meeting key. In such cases, at block 670, the complianceauditing server 460 provides the cryptographic meeting key to therequesting entity.

It should be appreciated that the method 600 described above is only oneexample according to this disclosure. In other examples, the blocksdescribed above may be performed in a different order or one or moreblocks may be omitted. For example, the order of blocks 620-660 mayoccur in any suitable order according to different examples.

Referring now to FIG. 7 , FIG. 7 shows an example method 700 forcompliance auditing encrypted video conferences. The method 700 of FIG.7 will be described with respect to the systems shown in FIG. 4 ;however any suitable system according to this disclosure may beemployed, including any of the systems shown in FIG. 1-3 or 5 . In somecases, method 700 may be a sub-method of method 600 shown in FIG. 6 . Inspecific examples, method 700 may be a sub-method of block 650.

At block 710, the compliance auditing server 460 receives a request fordecrypted streams of audio and video from the encrypted videoconference. The request may be sent by a member of the organization, anautomated auditing or compliance software application, or a third partywhich the organization hired for compliance auditing purposes. Forexample, the compliance auditing server 460 may automatically decryptmeeting recordings after a meeting has concluded based on an indicationthat the meeting has concluded.

At block 720, the compliance auditing server 460 decrypts the encryptedstreams of audio and video upon receipt of the request. The complianceauditing server 460 decrypts the encrypted streams of audio and videousing the cryptographic meeting key, which may also be stored by thecompliance auditing server 460. At block 730, the compliance auditingserver 460 provides the decrypted streams of audio and video to therequesting entity.

At optional block 740, the compliance auditing server 460 encodes thedecrypted streams of audio and video into a suitable format, and storesthe decrypted audio and video (encoded or not) onto a data store, suchas its own local data store or at a remote computing device, e.g.,customer server 450. In an example, compliance auditing server 460generates an MP4 file of the decrypted streams of audio and video. Inexamples, the organization or third party may request the decryptedstreams of audio and video for review and auditing purposes. In responseto such a request, the compliance auditing server 460 may send thedecrypted stream of audio and video by, for example, sending thegenerated file of the decrypted streams of audio and video. Thecompliance auditing server 460 may also store the generated file toreduce the storage space of the encrypted streams of audio and video.

It should be appreciated that the method 700 described above is only oneexample according to this disclosure. In other examples, the blocksdescribed above may be performed in a different order or one or moreblocks may be omitted.

Referring now to FIG. 8 , FIG. 8 shows an example method 800 forcompliance auditing encrypted video conferences. The method 800 of FIG.8 will be described with respect to the systems shown in FIG. 4 ;however any suitable system according to this disclosure may beemployed, including any of the systems shown in FIG. 1-3 or 5 . In somecases, method 800 may be a sub-method of method 600 shown in FIG. 6 .

At block 810, the compliance auditing server 460 receives and storesencrypted message data. The encrypted message data may include any chatmessages, text, documents, or other communication that is not audio orvideo exchanged between participants during the video conference.Because the compliance auditing participant 462 is treated as a normalparticipant of the encrypted video conference, the compliance auditingparticipant 462 receives any chat messages exchanged by the participantsduring the meeting. The compliance auditing participant 462 thentransmits the message data to the compliance auditing server 460 forstorage, which the compliance auditing server 460 stores and associateswith the meeting, the meeting key(s), and any recorded encrypted audioand video. Due to the encrypted nature of the meeting, the message datais also encrypted.

At block 820, after the meeting conference has ended, the complianceauditing server 460 receives a request for decrypted message data. Therequest may be made by the organization or a third party hired by theorganization for compliance auditing purposes.

At block 830, the compliance auditing server 460 decrypts the chatmessages using the cryptographic meeting key to generate decryptedmessage data. Similar to the decrypted streams of audio and video, thecompliance auditing server 460 may encode the decrypted message data toany suitable format, if needed.

At block 840, the compliance auditing server 460 provides the decryptedmessage data to the requesting entity (e.g., the organization or thirdparty). In some cases, the compliance auditing server 460 provides thedecrypted and encoded message data in a suitable format for transmissionto the requesting entity.

Although not illustrated, in some embodiments more than one complianceauditing participant 462 is joined to a video conference, which mayinvolve the use of multiple compliance auditing servers 462. In somesuch cases, each of the compliance auditing servers 460 may perform oneor more of blocks of methods 600, 700, and/or 800. For example, as partof method 600 a second compliance auditing server 460 may request tojoin a second compliance auditing participant 462 to the encrypted videoconference at block 620. The second compliance auditing participant 462is treated as a participant of the encrypted video conference andreceives the cryptographic meeting key, which is in turned stored by thesecond compliance auditing server 460. For the purposes of thisdisclosure, the second compliance auditing participant 462 andrespective second compliance auditing server 460 are the same as thecompliance auditing participant 462 and the compliance auditing server460, discussed herein. In some cases, the second compliance auditingparticipant 462 and second compliance auditing server 460 are associatedwith a different organization than the compliance auditing participant462 and the compliance auditing server 460. It should be readilyappreciated that any number of compliance auditing participants can bejoined to an encrypted video conference according to the systems andmethods described herein. It should also be appreciated that a singlecompliance auditing server 462 may interact with multiple complianceauditing participants 460. In some such examples, the complianceauditing server 462 may execute one or more blocks of methods 600, 700,or 800 concurrently for different compliance auditing participants 460.

Referring now to FIG. 9 , FIG. 9 shows an example method 900 forcompliance auditing encrypted video conferences. The method 900 of FIG.9 will be described with respect to the systems shown in FIG. 4 ;however any suitable system according to this disclosure may beemployed, including any of the systems shown in FIG. 1-3 or 5 .

At block 910, the compliance auditing participant 462 receives anindication of an encrypted video conference. The indication of theencrypted video conference can be a meeting invite for a scheduledmeeting or a notification that the encrypted video conference hasstarted. The indication of the encrypted meeting conference may identifycertain meeting information, such as a meeting identifier and passcode.

At block 920, the compliance auditing participant 462 joins theencrypted video conference. Joining the meeting may be done in responseto the compliance auditing participant 462 sending a request to theencrypted video conference. The request to join the compliance auditingparticipant 462 can be sent either before initiation of the encryptedvideo conference or upon initiation of the encrypted video conference.In some embodiments, the compliance auditing participant 462 only joinsthe meeting if a client device from the organization associated with thecompliance auditing participant 462 also joins the encrypted videoconference.

At block 930, the compliance auditing participant 462 receives acryptographic meeting key. Prior to or upon initiation of the encryptedvideo conference the compliance auditing participant 462 obtains thecryptographic meeting key. The cryptographic meeting key may bedistributed by the host's client device 420 upon initiation of theencrypted meeting. The compliance auditing participant 462 may passalong the meeting key to the compliance auditing server 460. As notedabove, the cryptographic meeting key can be generated by the host'sdevice 420 using any suitable technique for meeting cryptographic keygeneration. In some examples, the compliance auditing server 460 mayalso receive indications identifying when the meeting cryptographic keybegan being used, e.g., by providing a corresponding timestamp. Suchadditional information may also be stored and associated with themeeting cryptographic key and resulting encrypted audio and videoreceived at future steps.

At block 940, the compliance auditing participant 462 receives theencrypted streams of audio and video. The compliance auditingparticipant 462 may also record the encrypted streams of audio and videoas they are received. In some examples, the compliance auditingparticipant 462 may be a cloud-based application.

At block 950, the compliance auditing participant 462 transmits theencrypted audio and video streams to the compliance auditing server 460.In some cases, as the compliance auditing participant 462 records theencrypted audio and video streams, the compliance auditing participant462 may transmit them to the compliance auditing server 460 for storing.Alternatively, the compliance auditing participant 462 may not recordthe encrypted audio and video streams, but may transmit them to thecompliance auditing server 460 to be stored. In some examples where thecompliance auditing participant 462 is executed by the complianceauditing server 460, the compliance auditing participant 462 maytransmit the encrypted audio and video streams by storing them on astorage device associated with the compliance auditing server 460.

Further, as discussed above, in some examples, the compliance auditingparticipant 462 may be executed on a client device internally at theorganization, but the encrypted audio, video, chat messages, etc. may bestored on a cloud server, e.g., at the video conference provider 410. Insome such examples, the compliance auditing participant may transmit toa cloud storage server that provides compliance auditing server 460functionality, including storing the encrypted audio, video, etc.streams.

At block 955, the compliance auditing participant 462 may also transmitthe cryptographic meeting key to the compliance auditing server 460. Insome examples, the compliance auditing participant 462 may transmit thecryptographic meeting key to the compliance auditing server 460 uponreceipt of the cryptographic meeting key at the beginning of themeeting.

At block 960, the compliance auditing participant 462 receives one ormore chat messages exchanged by the participants during the encryptedvideo conference. Upon receipt of the one or more chat messages, thecompliance auditing participant 462 may transmit the one or more chatmessages to the compliance auditing server 460 for storage.

It should be appreciated that the method 900 described above is only oneexample according to this disclosure. In other examples, the blocksdescribed above may be performed in a different order or one or moreblocks may be omitted. For example, the order of blocks 910-960 mayoccur in any suitable order according to different examples.

Referring now to FIG. 10 , FIG. 10 shows an example computing device1000 suitable for use in example systems or methods for suggesting useractions during a video conference according to this disclosure. Theexample computing device 1000 includes a processor 1010 which is incommunication with the memory 1020 and other components of the computingdevice 1000 using one or more communications buses 1002. The processor1010 is configured to execute processor-executable instructions storedin the memory 1020 to execute a compliance auditing participant 1060according to this disclosure or to perform one or more methods forsuggesting user actions during a video conference according to differentexamples, such as part or all of the example methods 600-900 describedabove with respect to FIGS. 6-9 . As discussed above, the complianceauditing participant 1060, when executed by processor 1010, may provideone or more of the compliance auditing techniques for encrypted videoconferences as described herein. The computing device, in this example,also includes one or more user input devices 1050, such as a keyboard,mouse, touchscreen, video capture device, microphone, etc., to acceptuser input. The computing device 1000 also includes a display 1040 toprovide visual output to a user.

The computing device 1000 also includes a communications interface 1040.In some examples, the communications interface 1030 may enablecommunications using one or more networks, including a local areanetwork (“LAN”); wide area network (“WAN”), such as the Internet;metropolitan area network (“MAN”); point-to-point or peer-to-peerconnection; etc. Communication with other devices may be accomplishedusing any suitable networking protocol. For example, one suitablenetworking protocol may include the Internet Protocol (“IP”),Transmission Control Protocol (“TCP”), User Datagram Protocol (“UDP”),or combinations thereof, such as TCP/IP or UDP/IP.

While some examples of methods and systems herein are described in termsof software executing on various machines, the methods and systems mayalso be implemented as specifically-configured hardware, such asfield-programmable gate array (FPGA) specifically to execute the variousmethods according to this disclosure. For example, examples can beimplemented in digital electronic circuitry, or in computer hardware,firmware, software, or in a combination thereof. In one example, adevice may include a processor or processors. The processor comprises acomputer-readable medium, such as a random access memory (RAM) coupledto the processor. The processor executes computer-executable programinstructions stored in memory, such as executing one or more computerprograms. Such processors may comprise a microprocessor, a digitalsignal processor (DSP), an application-specific integrated circuit(ASIC), field programmable gate arrays (FPGAs), and state machines. Suchprocessors may further comprise programmable electronic devices such asPLCs, programmable interrupt controllers (PICs), programmable logicdevices (PLDs), programmable read-only memories (PROMs), electronicallyprogrammable read-only memories (EPROMs or EEPROMs), or other similardevices.

Such processors may comprise, or may be in communication with, media,for example one or more non-transitory computer-readable media, that maystore processor-executable instructions that, when executed by theprocessor, can cause the processor to perform methods according to thisdisclosure as carried out, or assisted, by a processor. Examples ofnon-transitory computer-readable medium may include, but are not limitedto, an electronic, optical, magnetic, or other storage device capable ofproviding a processor, such as the processor in a web server, withprocessor-executable instructions. Other examples of non-transitorycomputer-readable media include, but are not limited to, a floppy disk,CD-ROM, magnetic disk, memory chip, ROM, RAM, ASIC, configuredprocessor, all optical media, all magnetic tape or other magnetic media,or any other medium from which a computer processor can read. Theprocessor, and the processing, described may be in one or morestructures, and may be dispersed through one or more structures. Theprocessor may comprise code to carry out methods (or parts of methods)according to this disclosure.

The foregoing description of some examples has been presented only forthe purpose of illustration and description and is not intended to beexhaustive or to limit the disclosure to the precise forms disclosed.Numerous modifications and adaptations thereof will be apparent to thoseskilled in the art without departing from the spirit and scope of thedisclosure.

Reference herein to an example or implementation means that a particularfeature, structure, operation, or other characteristic described inconnection with the example may be included in at least oneimplementation of the disclosure. The disclosure is not restricted tothe particular examples or implementations described as such. Theappearance of the phrases “in one example,” “in an example,” “in oneimplementation,” or “in an implementation,” or variations of the same invarious places in the specification does not necessarily refer to thesame example or implementation. Any particular feature, structure,operation, or other characteristic described in this specification inrelation to one example or implementation may be combined with otherfeatures, structures, operations, or other characteristics described inrespect of any other example or implementation.

Use herein of the word “or” is intended to cover inclusive and exclusiveOR conditions. In other words, A or B or C includes any or all of thefollowing alternative combinations as appropriate for a particularusage: A alone; B alone; C alone; A and B only; A and C only; B and Conly; and A and B and C.

That which is claimed is:
 1. A method comprising: receiving, by acompliance auditing server, an indication of an encrypted videoconference; sending, by the compliance auditing server, a request to avideo conference provider to join a compliance auditing participant tothe encrypted video conference, wherein the video conference providerdoes not have access to data stored on the compliance auditing server;receiving and storing, by the compliance auditing server, encryptedstreams of audio and video from a plurality of participants in the videoconference, wherein: the compliance auditing participant is one of theplurality of participants; the encrypted streams of audio and video areencrypted by the respective participants using a cryptographic meetingkey; and the video conference provider does not have access to thecryptographic meeting key; receiving, by the compliance auditing serverafter the encrypted video conference has ended, a request for a portionof the encrypted streams of audio and video; and providing, in responseto the request, the portion of the encrypted streams of audio and video.2. The method of claim 1, further comprising: receiving and storing, bythe compliance auditing server, the cryptographic meeting key associatedwith the encrypted video conference.
 3. The method of claim 2, furthercomprising: receiving, by the compliance auditing server after theencrypted video conference has ended, a request for decrypted streams ofaudio and video; decrypting, by the compliance auditing server, aportion of the encrypted streams of audio and video using thecryptographic meeting key to generate the decrypted streams of audio andvideo; and providing, by the compliance auditing server, the decryptedstreams of audio and video.
 4. The method of claim 1, wherein thecompliance auditing participant is a software based application executedby one of: a host's client device; another computing device; and thecompliance auditing server.
 5. The method of claim 2, furthercomprising: receiving, by the compliance auditing participant, one ormore chat messages during the encrypted video conference, wherein theone or more chat messages are encrypted; and storing, by the complianceauditing server, the one or more chat messages.
 6. The method of claim5, further comprising: receiving, by the compliance auditing serverafter the encrypted video conference has ended, a request for decryptedmessage data from the one or more chat messages; decrypting, by thecompliance auditing server, the one or more chat messages using thecryptographic meeting key to generate the decrypted message data; andproviding, by the compliance auditing server, the decrypted messagedata.
 7. The method of claim 1, further comprising: receiving, by thecompliance auditing server after the video conference has ended, arequest for the cryptographic meeting key; and providing, in response tothe request, the cryptographic meeting key.
 8. The method of claim 1,wherein receiving and storing the encrypted streams of audio and videocomprise: transmitting a message to the video conference provider tostore the encrypted streams of audio and video.
 9. The method of claim1, wherein the compliance auditing server is hosted by the videoconference provider.
 10. A system comprising: a non-transitorycomputer-readable medium; a communications interface; and a processorcommunicatively coupled to the non-transitory computer-readable mediumand the communications interface, the processor configured to executeprocessor-executable instructions stored in the non-transitorycomputer-readable medium to: receive an indication of an encrypted videoconference; send a request to a video conference provider to join acompliance auditing participant to the encrypted video conference,wherein the video conference provider does not have access to datastored on the compliance auditing server; receive and store encryptedstreams of audio and video from a plurality of participants in theencrypted video conference, wherein: the compliance auditing participantis one of the plurality of participants; the encrypted streams of audioand video are encrypted by the respective participants using acryptographic meeting key; and the video conference provider does nothave access to the cryptographic meeting key; receive a request for aportion of the encrypted streams of audio and video; and provide, inresponse to the request, the portion of the encrypted streams of audioand video.
 11. The system of claim 10, wherein the processor isconfigured to execute further processor-executable instructions storedin the non-transitory computer-readable medium to: receive and store thecryptographic meeting key associated with the encrypted videoconference.
 12. The system of claim 11, wherein the processor isconfigured to execute further processor-executable instructions storedin the non-transitory computer-readable medium to: receive, after theencrypted video conference has ended, a request for decrypted streams ofaudio and video; decrypt a portion of the encrypted streams of audio andvideo using the cryptographic meeting key to generate the decryptedstreams of audio and video; and provide the decrypted streams of audioand video.
 13. The system of claim 12, wherein the compliance auditingparticipant is a software based application executed by one of: a host'sclient device; another computing device; and the compliance auditingserver.
 14. The system of claim 11, wherein the processor is configuredto execute further processor-executable instructions stored in thenon-transitory computer-readable medium to: receive and store one ormore chat messages received by the compliance auditing participantduring the encrypted video conference, wherein the one or more chatmessages are encrypted.
 15. The system of claim 14, wherein theprocessor is configured to execute further processor-executableinstructions stored in the non-transitory computer-readable medium to:receive, after the encrypted video conference has ended, a request fordecrypted message data from the one or more chat messages; decrypt theone or more chat messages using the cryptographic meeting key togenerate the decrypted message data; and provide the decrypted messagedata.
 16. The system of claim 10, wherein the processor is configured toexecute further processor-executable instructions stored in thenon-transitory computer-readable medium to: receive a request for thecryptographic meeting key; and provide, in response to the request, thecryptographic meeting key.
 17. The system of claim 10, wherein theinstructions to receive and store the encrypted streams of audio andvideo further cause the processor to execute furtherprocessor-executable instructions stored in the non-transitorycomputer-readable medium to: transmit a message to the video conferenceprovider to store the encrypted streams of audio and video.
 18. A methodcomprising: receiving, by a compliance auditing participant executing ona client device, an indication that an encrypted video conference isinitiated, wherein the encrypted video conference includes a pluralityof participants; automatically joining the encrypted video conferencewith the client device; receiving, by the compliance auditingparticipant from a host client device, a cryptographic meeting keydistributed to each participant of the plurality of participants,wherein the compliance auditing participant is one of the plurality ofparticipants; recording, by the compliance auditing participant,encrypted streams of audio and video of the video conference; andtransmitting, by the compliance auditing participant, the encryptedaudio and video to the compliance auditing server.
 19. The method ofclaim 18, further comprising: receiving, by the compliance auditingparticipant, one or more chat messages exchanged during the encryptedvideo conference, wherein the one or more chat messages are encrypted.20. The method of claim 18, further comprising: transmitting, by thecompliance auditing participant, the cryptographic meeting key to thecompliance auditing server.